Microsoft Security Response Center Blog Alerts

Heap-based buffer overflow in Microsoft Office Excel allows an unauthorized attacker to elevate privileges locally.

Server-side request forgery (ssrf) in Azure DevOps Server allows an authorized attacker to perform spoofing over a network.

Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to disclose information locally.

Heap-based buffer overflow in Microsoft Graphics Component allows an authorized attacker to elevate privileges locally.

Use after free in Windows Subsystem for Linux allows an authorized attacker to elevate privileges locally.

External control of file name or path in Windows NTLM allows an unauthorized attacker to perform spoofing locally.

A heap‑based buffer overflow exists in libjpeg‑turbo’s h2v2_merged_upsample_internal() function when processing 12‑bit lossless JPEG images. An attacker could craft an image containing out‑of‑range 12‑bit samples that, when decompressed with merged upsampling enabled, may trigger a segmentation fault or buffer overflow, resulting in an application crash.

Null pointer dereference in Windows LDAP – Lightweight Directory Access Protocol allows an unauthorized attacker to deny service over a network.

Improper access control in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.

Changes made to the security updates links and information. This is an informational change only.